[
https://issues.apache.org/jira/browse/YARN-8583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sunil Govindan updated YARN-8583:
---------------------------------
Target Version/s: 3.3.0 (was: 3.2.0)
Bulk update: moved all 3.2.0 non-blocker issues, please move back if it is a
blocker.
> Inconsistency in YARN status command
> ------------------------------------
>
> Key: YARN-8583
> URL: https://issues.apache.org/jira/browse/YARN-8583
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Eric Yang
> Priority: Major
>
> YARN app -status command can report base on application ID or application
> name with some usability limitation. Application ID is globally unique, and
> it allows any user to query application status of any application.
> Application name is not globally unique, and it will only work for querying
> user's own application. This is somewhat restrictive for application
> administrator, but allowing other user to query any other user's application
> could consider a security hole as well. There are two possible options to
> reduce the inconsistency:
> Option 1. Block other user from query application status. This may improve
> security in some sense, but it is an incompatible change. This is a simpler
> change by matching the owner of the application, and decide to report or not
> report.
> Option 2. Add --user parameter to allow administrator to query application
> name ran by other user. This is a bigger change because application metadata
> is stored in user's own hdfs directory. There are security restriction that
> need to be defined.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
